If you google it, I am sure you will find a solution to include /web/apps into <Directory> directive and you will be asked to set +x permissions on /web & /web/apps folder (using chmod 755)
And your Apache vhost will look similar to it
<VirtualHost *:80> ServerName www.example.com DocumentRoot /web/apps <Directory "/web/apps" > Options Indexes FollowSymLinks AllowOverride None Require all granted </Directory> </VirtualHost>
After doing it if you restart Apache and try you will still get "403 forbidden error"
If you further google, you will find out this is because of SE Linux and steps to disable that.
Basically "sudo setenforce 0", and you can call it a day since everything start to work.
However with "sudo setenforce 0" you are disabling the entire SE Linux security. There is a better way to do that and that is what all this Blog is about.
And here you go.
sudo semanage fcontext -a -t httpd_sys_content_t "/web/apps(/.*)?"
sudo restorecon -R -v /web/apps
That's it folks. If you want to see what magic it does, use the special flag -Z with ls
More info at